Making Data Security The Foundation Of Your Virtualization Infrastructure


by Dave Shackleford
hytrust.com

Securing data has never been an easy task. Its challenges include properly classifying data according to value and risk, applying appropriate security policies in response to those risks, controlling enterprise-wide encryption, and managing myriad system and data-access controls. Now, with virtualization and a more dynamic infrastructure, enterprises have an even greater challenge in protecting their data. The good news is that your data can be well guarded in virtualized environments as long as your security teams understand the new ways that virtual machine (VM) elements and data can be exposed and the security technologies available to help solve those problems. This paper explores these topics.

Virtualization Complexity and Risk

In June 2011, the Payment Card Industry (PCI) Standards Council released a long-awaited information supplement to the latest Data Security Standard (DSS) titled PCI DSS Virtualization Guidelines. This document, collaboratively produced by a group of security and compliance professionals, provides guidance on how your security and compliance teams, particularly PCI assessors, should evaluate virtual infrastructure that falls within the scope of payment card compliance requirements. Two key sections of the document stand out: one details virtualization risks, and the other addresses control recommendations. Both are generally relevant to the goal of data protection in virtual environments, whether or not your servers have any requirement to meet PCI guidelines. Several of the risks include:

Increased complexity of virtualized systems and networks: The addition of new technology layers, such as virtual networking and appliances and the hypervisor itself, creates potential misconfiguration issues. These, coupled with virtualization vulnerabilities, can lead to significant risk potential.

Mixing VMs of different trust levels: The guidance implies that mixing different data classification levels on a single hypervisor could lead to data loss or exposure (which also logically applies to the storage of VM images).

Lack of separation of duties: Lack of proper role definition and privilege assignment could lead to privileged access granted widely and for far more than just the virtualization management console.

Dormant VMs: VMs that are not active (dormant or no longer used) could still house sensitive data such as authentication credentials, encryption keys, or critical configuration information.

Vulnerability of VM images and snapshots: If images aren't secured and protected from modification, an attacker may gain access and insert vulnerabilities or malicious code into the image. The compromised image could then be deployed throughout the environment, resulting in a rapid compromise of multiple hosts.

Vulnerabilities in the physical environment apply in a virtual environment: Physical threats also apply to virtual implementations; the most securely configured, well-contained logical partitions will still need adequate physical controls for protection of the hardware.

The PCI Council recommends the following control measures that apply specifically to data protection:

Evaluate risks associated with virtual technologies: Assess all virtualization components and processes for risk just like any other technology.

Restrict physical access: Ensure physical access to VMs and virtualization platforms is restricted and carefully monitored.

Implement defense in depth: Security controls should be considered and potentially applied at all layers of technology implementation, including physical systems, hypervisor software, host OS, VM platforms, applications, and storage.

Enforce least privilege and separation of duties: As a best practice, restrict administrative access by specific VM function, virtual network, hypervisor, hardware, application, and data store.

Harden VMs and other components: Hardening and lockdown should include virtual network interfaces and storage areas, and the integrity of any cryptographic key-management operations should be verified.

Earlier versions of the PCI standard addressed the need for encryption of credit card and other sensitive data. With virtualization, sensitive information can be exposed in new ways even if encryption is deployed within the VM. The release of the new PCI Council guidelines demonstrates how critical and widespread virtualization has become and how important it is to evaluate data security risks in these environments to meet both security best practices and compliance mandates.

The flexibility and mobility benefits of virtualization bring a greater need to expand your thinking about data protection and to extend protections throughout the data lifecycle.

The Data Lifecycle

Securing devices where a VM resides for the moment is not enough. It is important to look at the complete lifecycle of the VM and its data and secure that data wherever it goes: in the private data center, in backups, on remote systems, and increasingly, as VMs are moved into the public cloud. The first key to developing a sound data protection plan is to understand the data lifecycle. Figure 1 shows a widely used model developed by KPMG.

Figure 1. The Data Lifecycle

Phase 1: Generation
Phase 2: Use
Phase 3: Transfer
Phase 4: Transformation
Phase 5: Storage
Phase 6: Archival
Phase 7: Destruction

The first four phases, from generation through transformation, rely on security through proper data classification and application-specific controls. However, in a virtual environment, there are a number of access control and administration tasks that should be in place to create the framework for an enhanced data protection focus.

VM Storage Security

The fifth phase of the data lifecycle is storage. For VMs, quite a few types of files need to be protected to adequately protect sensitive data. Figure 2 shows an example of these files (for VMware).

[Figure 2: files associated with a VM: virtual disks (data, guest OS, applications), suspend file, configuration files, snapshot file, paging file, log files, and VM metadata, holding data, executables, VM state and environment, the VM memory image, critical VM configuration, and forensics information.]

There are many files associated with a single VM, from the virtual disk files (.vmdk) to the main configuration file (.vmx). The VMDK disk files are a primary location for sensitive data to be stored, so all VMDK files should be protected and monitored for illicit access or theft. In addition, there are a number of other file types that could potentially store sensitive data, and should be protected as well:

VSWP: The VSWP file is your VM's swap or paging file. Each VM running on a hypervisor server gets its own swap file, which is created when the VM is powered on. The purpose of the swap file is to store memory pages when the VM's designated RAM is overcommitted.

VMSS: VMSS files store memory data about a VM that has been temporarily suspended.

VMSN and VMSD: VMs can have data snapshots taken from which they can be restored later. The VMSN and VMSD files contain metadata about the VM and will be created once snapshots are taken.

*-delta.vmdk: The DELTA file contains all changes to the VM disk once a snapshot is taken. This file will disappear once a snapshot is actually applied.

Securing the data at rest also involves preventing physical theft of the VM files. The theft of a virtualized server no longer requires an attacker's physical presence. Gaining access to file shares, storage devices, or even administrator workstations can lead to theft of whole VMs. For this reason, security teams must be extremely diligent about monitoring activity around virtual infrastructure, including remote access and the use of USB-based storage devices.

Sensitive data can be exposed in new ways in a virtualized world. As VMs become more mobile, the VM leaves an information footprint wherever it runs.

Another critical data type to consider for VMs is the set of template files that represents master deployment images in your virtual environment. For organizations running VMware vSphere, these templates can consist of two specific files:

VMTX: VM configuration templates (correspond to VMX files)

VMTD: The VM disk configuration templates (correspond to VMDK files; an older VMware format that may not be in use on newer platforms)

Wherever these template files are stored, employ file integrity monitoring and logging to ensure that unauthorized tampering does not occur. If an attacker or malicious insider compromises the template file, unwanted changes could be replicated across a wide number of systems, causing unusual behavior, data exposure, or even denial-of-service conditions.
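The file-type list and the template integrity check described above can be combined into a small audit script. The following Python sketch is an added example, not part of the original paper: the directory layout, file names and contents are constructed, and it assumes the baseline hashes are kept somewhere datastore users cannot write.

```python
import hashlib
import tempfile
from pathlib import Path

# Suffixes the paper names as places sensitive VM data can live.
SENSITIVE_TYPES = {
    ".vmdk": "virtual disk",
    ".vmx": "main configuration file",
    ".vswp": "swap/paging file",
    ".vmss": "suspended-VM memory",
    ".vmsn": "snapshot metadata",
    ".vmsd": "snapshot metadata",
    ".vmtx": "template configuration",
    ".vmtd": "template disk",
}
TEMPLATE_TYPES = {".vmtx", ".vmtd"}


def classify(path):
    """Return the category of a VM file, or None if it is not on the list."""
    if path.name.lower().endswith("-delta.vmdk"):
        return "snapshot delta disk"
    return SENSITIVE_TYPES.get(path.suffix.lower())


def inventory(root):
    """Map every sensitive VM file under root to its category."""
    root = Path(root)
    found = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and classify(p):
            found[p.relative_to(root).as_posix()] = classify(p)
    return found


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large disk images do not load into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def template_hashes(root):
    """Return {relative path: SHA-256} for every template file under root."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in TEMPLATE_TYPES
    }


def compare(baseline, current):
    """Report templates that changed, disappeared, or appeared since baseline."""
    return {
        "modified": sorted(k for k in baseline
                           if k in current and baseline[k] != current[k]),
        "removed": sorted(k for k in baseline if k not in current),
        "added": sorted(k for k in current if k not in baseline),
    }


def demo():
    """Build a constructed datastore, baseline it, change it, and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        constructed = {  # constructed sample files, not real VM data
            "web01/web01.vmdk": b"disk",
            "web01/web01-000001-delta.vmdk": b"delta",
            "web01/web01.vswp": b"swap",
            "web01/web01.vmss": b"suspend",
            "web01/web01.vmx": b"config",
            "web01/notes.txt": b"not a VM file",
            "templates/gold.vmtx": b"template config",
            "templates/gold.vmtd": b"template disk",
        }
        for rel, data in constructed.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        files = inventory(root)
        baseline = template_hashes(root)
        # Simulate unauthorized changes to the template store.
        (root / "templates/gold.vmtx").write_bytes(b"template config, modified")
        (root / "templates/rogue.vmtx").write_bytes(b"unapproved template")
        return files, compare(baseline, template_hashes(root))


if __name__ == "__main__":
    files, drift = demo()
    for name, category in files.items():
        print(f"{category:26} {name}")
    print(drift)
```

Any non-empty entry in the drift report is an event to log and investigate before the template is used for another deployment.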

Archival and Destruction: Backup and VM Decommissioning

There is a good chance that sensitive data could be present in VM disk or memory-related files, and some of these may be left behind inadvertently if you don't take proper precautions.

Data archival and destruction are the last stages of the data lifecycle. For virtual environments, archival means backing up entire VMs and data accessed and stored for use in virtual environments; destruction could mean decommissioning VMs and their associated data. How can VMs stored in their entirety on backup tapes or other media be safely stored? The backup media must be encrypted.

VM Data Protection with Encryption

The right encryption solution can serve as the foundation for securing VMs and data. The solution should encrypt and protect data on behalf of the VM, and it should also encrypt and protect the VM image on behalf of the hypervisor. Implementing and managing an encryption solution can be unwieldy and difficult, and ongoing maintenance requires manual processes or complex architecture changes. Ideally, encryption tools would encapsulate the entire VM, including all memory and swap files, snapshot files, and any files that contain sensitive data. Alternately, encrypting specific areas of the VM known to contain sensitive data may be more efficient. In addition to strong algorithms, an encryption solution needs to offer key management and rotation capabilities, and should be as easy to deploy and maintain as possible.

Use encryption for VMs at rest and when generating secure VM backup images.

VM Data Access Control and Monitoring

When it comes to crypto key management, the first security principle to enact for virtualized infrastructure is the separation of administrative duties. In many organizations, existing Windows or other systems administrators manage virtualization. Although this may be convenient, there are numerous aspects of proper management and administration of a virtualization environment that should be the responsibility of specific administration teams. Most virtualization platforms allow for reasonably granular role creation and privilege allocation. For example, Figure 3 shows the default VMware vSphere roles available in the vCenter management platform. Many administration teams use the built-in Administrator role and assign most users to roles that allow access to VMs for specific use cases. Many privileges can be assigned, including explicit access to defined data stores, which can help to control data leakage or unauthorized access to data that is stored in VMs. Figure 4 shows some example privileges in vCenter.

Ensuring that user roles and data access privileges are appropriate for the organization is critical. Unfortunately, native virtualization platforms do not facilitate this, and the creation of proper roles might take significant effort. Access to VMs should be carefully controlled by assigning roles and privileges for access and interaction, and by monitoring and auditing the storage infrastructure where VMs are located. How you control and monitor will depend on the type of storage you have and the monitoring capabilities of tools like log management and Security Information and Event Management (SIEM) platforms. Paying attention to the following types of user activities is prudent:

Which users are accessing VM files?

Where are the users located?

What type of access is employed (vCenter or other management console access to remote fileshare access using domain credentials)?

When did the VM access and/or VM-related actions take place?
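The four monitoring questions above translate directly into a review rule over access records. The following Python sketch is an added example, not part of the original paper: the CSV log format, account names, network range and approved hours are all constructed assumptions standing in for whatever your log management or SIEM platform exports.

```python
import csv
import io
import ipaddress
from datetime import datetime
from pathlib import PurePosixPath

# VM file suffixes discussed in the paper.
VM_SUFFIXES = {".vmdk", ".vmx", ".vswp", ".vmss", ".vmsn", ".vmsd",
               ".vmtx", ".vmtd"}

# Assumed policy values, for illustration only.
POLICY = {
    # Which accounts may touch VM files, per access channel.
    "approved": {"vcenter": {"vmadmin1"}, "fileshare": {"backupsvc"}},
    # Where administrative access is expected to come from.
    "admin_net": ipaddress.ip_network("10.20.0.0/24"),
    # When access is expected: 07:00 through 19:59.
    "hours": range(7, 20),
}

# Constructed sample records (not real log data).
SAMPLE_LOG = """\
time,user,source_ip,channel,action,path
2024-03-04T10:15:00,vmadmin1,10.20.0.15,vcenter,power_on,/vmfs/volumes/ds1/web01/web01.vmx
2024-03-04T23:40:00,vmadmin1,10.20.0.15,vcenter,snapshot,/vmfs/volumes/ds1/web01/web01.vmsn
2024-03-05T02:05:00,jdoe,10.50.7.88,fileshare,read,/vmfs/volumes/ds1/db01/db01.vmdk
2024-03-05T11:00:00,backupsvc,10.20.0.30,fileshare,read,/vmfs/volumes/ds1/db01/db01.vmdk
2024-03-05T11:30:00,jdoe,10.20.0.15,fileshare,read,/vmfs/volumes/ds1/share/readme.txt
2024-03-05T14:00:00,vmadmin1,10.20.0.15,scp,copy,/vmfs/volumes/ds1/web01/web01.vswp
"""


def review_record(rec, policy=POLICY):
    """Return the policy questions (who/where/how/when) a record fails."""
    reasons = []
    approved = policy["approved"].get(rec["channel"])
    if approved is None:
        reasons.append("how: unknown access channel")
    elif rec["user"] not in approved:
        reasons.append("who: account not approved for this channel")
    if ipaddress.ip_address(rec["source_ip"]) not in policy["admin_net"]:
        reasons.append("where: source outside admin network")
    if datetime.fromisoformat(rec["time"]).hour not in policy["hours"]:
        reasons.append("when: outside approved hours")
    return reasons


def review(log_text, policy=POLICY):
    """Return findings for every VM-file access that fails the policy."""
    findings = []
    for rec in csv.DictReader(io.StringIO(log_text)):
        # Only accesses to VM files are in scope for this review.
        if PurePosixPath(rec["path"]).suffix.lower() not in VM_SUFFIXES:
            continue
        reasons = review_record(rec, policy)
        if reasons:
            findings.append({
                "time": rec["time"],
                "user": rec["user"],
                "path": rec["path"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding["time"], finding["user"], finding["path"])
        for reason in finding["reasons"]:
            print("   ", reason)
```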

Conclusion

Proper data protection capabilities are vital to a virtual infrastructure hosting sensitive data of any kind, especially if VMs are widely deployed or moving to hybrid and public cloud environments. The recognition of the need for virtualization security through industry and government regulations and from the information security community in general means that security at each stage of the data lifecycle will need to be addressed by solutions that have traditionally been implemented only in physical data center environments. To adequately protect data in VMs throughout their data lifecycle, separation of duties and role-based management are essential, and the existing virtualization vendors do not make it simple or granular to create and assign roles to different groups of users and IT teams. In addition, strong encryption is needed to encrypt full or partial VMs at rest, in backups, and in motion, and simple assignment of policy and key management will speed adoption of this fundamental security control.

About the Author

Dave Shackleford is currently the Senior VP, Research and CTO at IANS. Previously he was the Founder and Principal Consultant at Voodoo Security; Director, Risk & Compliance and Director, Security Assessments at Sword & Shield Enterprise Security, Inc.; Chief Security Strategist, EMC Ionix at EMC; and Chief Security Officer at Configuresoft. He is a SANS Instructor and teaches virtualization and cloud security to hundreds of companies every year.


More information

Quick Start - Virtual Server idataagent (VMware)

Quick Start - Virtual Server idataagent (VMware) Page 1 of 24 Quick Start - Virtual Server idataagent (VMware) TABLE OF CONTENTS OVERVIEW Introduction Key Features Complete Virtual Machine Protection Granular Recovery of Virtual Machine Data Minimal

More information

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4.

nwstor Storage Security Solution 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. CONTENTS 1. Executive Summary 2. Need for Data Security 3. Solution: nwstor isav Storage Security Appliances 4. Conclusion 1. EXECUTIVE SUMMARY The advantages of networked data storage technologies such

More information

VMware Integrated Partner Solutions for Networking and Security

VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Networking and Security VMware Integrated Partner Solutions for Security and Compliance VMware vcloud Networking and Security is the leading networking and security

More information

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform

Managing Privileged Identities in the Cloud. How Privileged Identity Management Evolved to a Service Platform Managing Privileged Identities in the Cloud How Privileged Identity Management Evolved to a Service Platform Managing Privileged Identities in the Cloud Contents Overview...3 Management Issues...3 Real-World

More information

The True Story of Data-At-Rest Encryption & the Cloud

The True Story of Data-At-Rest Encryption & the Cloud The True Story of Data-At-Rest Encryption & the Cloud by Karen Scarfone Principal Consultant Scarfone Cybersecurity Sponsored by www.firehost.com (US) +1 844 682 2859 (UK) +44 800 500 3167 twitter.com/firehost

More information

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE

Virtualization Security and Best Practices. Rob Randell, CISSP Senior Security Specialist SE Virtualization Security and Best Practices Rob Randell, CISSP Senior Security Specialist SE Agenda General Virtualization Concepts Hardware Virtualization and Application Virtualization Types of Hardware

More information

SafeNet DataSecure vs. Native Oracle Encryption

SafeNet DataSecure vs. Native Oracle Encryption SafeNet vs. Native Encryption Executive Summary Given the vital records databases hold, these systems often represent one of the most critical areas of exposure for an enterprise. Consequently, as enterprises

More information

Automating Cloud Security Control and Compliance Enforcement for PCI DSS 3.0

Automating Cloud Security Control and Compliance Enforcement for PCI DSS 3.0 WHITE PAPER Automating Cloud Security Control and Compliance Enforcement for 3.0 How Enables Security and Compliance with the PCI Data Security Standard in a Private Cloud EXECUTIVE SUMMARY All merchants,

More information

controlling the risks and costs surrounding dormant vms

controlling the risks and costs surrounding dormant vms Secure Dormant vms Meet Compliance Reduce Costs Simplify it infrastructure controlling the risks and costs surrounding dormant vms Whitepaper Table of Contents Executive Summary...pg 1 Introduction...pg

More information

Data-Centric Security vs. Database-Level Security

Data-Centric Security vs. Database-Level Security TECHNICAL BRIEF Data-Centric Security vs. Database-Level Security Contrasting Voltage SecureData to solutions such as Oracle Advanced Security Transparent Data Encryption Introduction This document provides

More information

Protect Root Abuse privilege on Hypervisor (Cloud Security)

Protect Root Abuse privilege on Hypervisor (Cloud Security) Protect Root Abuse privilege on Hypervisor (Cloud Security) Nantharat Puwarang, CISSP Senior Technical Consultant Protect Software Defined Data Center 1 The Road to Software Defined Data Centers: Virtualization

More information

Getting the Most Out of Virtualization of Your Progress OpenEdge Environment. Libor Laubacher Principal Technical Support Engineer 8.10.

Getting the Most Out of Virtualization of Your Progress OpenEdge Environment. Libor Laubacher Principal Technical Support Engineer 8.10. Getting the Most Out of Virtualization of Your Progress OpenEdge Environment Libor Laubacher Principal Technical Support Engineer 8.10.2013 Agenda Virtualization Terms, benefits, vendors, supportability,

More information

Windows Least Privilege Management and Beyond

Windows Least Privilege Management and Beyond CENTRIFY WHITE PAPER Windows Least Privilege Management and Beyond Abstract Devising an enterprise-wide privilege access scheme for Windows systems is complex (for example, each Window system object has

More information

[VADP OVERVIEW FOR NETBACKUP]

[VADP OVERVIEW FOR NETBACKUP] 2013 Ram Nagalla [VADP OVERVIEW FOR NETBACKUP] Understanding the concept of VADP backup in Netbackup and brief description about the different configuration scenarios. Index 1) Overview. 2 2) Compatibility

More information

PROTECTING DATA IN MULTI-TENANT CLOUDS

PROTECTING DATA IN MULTI-TENANT CLOUDS 1 Introduction Today's business environment requires organizations of all types to reduce costs and create flexible business processes to compete effectively in an ever-changing marketplace. The pace of

More information

Securing the Administration of Virtualization

Securing the Administration of Virtualization Securing the Administration of Virtualization An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) Market Research Report Prepared for RSA, The Security Division of EMC March 2010 IT MANAGEMENT RESEARCH, Table of

More information

Trend Micro Deep Security

Trend Micro Deep Security Trend Micro Deep Security VMware Global Technology Alliance Partner Changing the Game with Agentless Security for the Virtual Data Center A 2012 Trend Micro White Paper I. INTRODUCTION From its early experimental

More information

Virtual Appliance Setup Guide

Virtual Appliance Setup Guide The Virtual Appliance includes the same powerful technology and simple Web based user interface found on the Barracuda Web Application Firewall hardware appliance. It is designed for easy deployment on

More information

Virtualization System Security

Virtualization System Security Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability

More information

Vormetric Encryption Architecture Overview

Vormetric Encryption Architecture Overview Vormetric Encryption Architecture Overview Protecting Enterprise Data at Rest with Encryption, Access Controls and Auditing Vormetric, Inc. 2545 N. 1st Street, San Jose, CA 95131 United States: 888.267.3732

More information

CloudControl Support for PCI DSS 3.0

CloudControl Support for PCI DSS 3.0 HyTrust CloudControl Support for PCI DSS 3.0 Summary In PCI DSS 3.0, hypervisors and virtual networking components are always in-scope for audit; Native auditing capabilities from the core virtualization

More information

A Strategic Approach to Enterprise Key Management

A Strategic Approach to Enterprise Key Management Ingrian - Enterprise Key Management. A Strategic Approach to Enterprise Key Management Executive Summary: In response to security threats and regulatory mandates, enterprises have adopted a range of encryption

More information

Simplifying Storage Operations By David Strom (published 3.15 by VMware) Introduction

Simplifying Storage Operations By David Strom (published 3.15 by VMware) Introduction Simplifying Storage Operations By David Strom (published 3.15 by VMware) Introduction There are tectonic changes to storage technology that the IT industry hasn t seen for many years. Storage has been

More information

Trend Micro Enterprise Security

Trend Micro Enterprise Security Trend Micro Enterprise Security Immediate Protection. Less Complexity. Changing the Game for Anti-Virus in the Virtual Datacenter A Trend Micro White Paper September 2010 I. INTRODUCTION From its early

More information

vsphere 6.0 Advantages Over Hyper-V

vsphere 6.0 Advantages Over Hyper-V v3c Advantages Over Hyper-V The most trusted and complete virtualization platform 2015 Q1 2015 VMware Inc. All rights reserved. The Most Trusted Virtualization Platform Hypervisor Architecture Broad Support

More information

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES

RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS: COMPETITIVE FEATURES RED HAT ENTERPRISE VIRTUALIZATION FOR SERVERS Server virtualization offers tremendous benefits for enterprise IT organizations server

More information

Virtualization Impact on Compliance and Audit

Virtualization Impact on Compliance and Audit 2009 Reflex Systems, LLC Virtualization Impact on Compliance and Audit Michael Wronski, CISSP VP Product Management Reflex Systems Agenda Introduction Virtualization? Cloud? Risks and Challenges? Compliance

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

Drawbacks to Traditional Approaches When Securing Cloud Environments

Drawbacks to Traditional Approaches When Securing Cloud Environments WHITE PAPER Drawbacks to Traditional Approaches When Securing Cloud Environments Drawbacks to Traditional Approaches When Securing Cloud Environments Exec Summary Exec Summary Securing the VMware vsphere

More information

VMware vsphere Data Protection

VMware vsphere Data Protection VMware vsphere Data Protection Replication Target TECHNICAL WHITEPAPER 1 Table of Contents Executive Summary... 3 VDP Identities... 3 vsphere Data Protection Replication Target Identity (VDP-RT)... 3 Replication

More information

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI

JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI JOB ORIENTED VMWARE TRAINING INSTITUTE IN CHENNAI Job oriented VMWARE training is offered by Peridot Systems in Chennai. Training in our institute gives you strong foundation on cloud computing by incrementing

More information

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch What You Will Learn A demilitarized zone (DMZ) is a separate network located in the neutral zone between a private (inside)

More information

2010 State of Virtualization Security Survey

2010 State of Virtualization Security Survey 2010 State of Virtualization Security Survey Current opinions, experiences and trends on the strategies and solutions for securing virtual environments 8815 Centre Park Drive Published: April, 2010 Columbia

More information

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com

SECURING HEALTH INFORMATION IN THE CLOUD. Feisal Nanji, Executive Director, Techumen feisal@techumen.com SECURING HEALTH INFORMATION IN THE CLOUD Feisal Nanji, Executive Director, Techumen feisal@techumen.com Conflict of Interest Disclosure Feisal Nanji, MPP, CISSP Has no real or apparent conflicts of interest

More information

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise

Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise Assuria Auditor The Configuration Assurance, Vulnerability Assessment, Change Detection and Policy Compliance Reporting Solution for Enterprise 1. Introduction Information security means protecting information

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

IOS110. Virtualization 5/27/2014 1

IOS110. Virtualization 5/27/2014 1 IOS110 Virtualization 5/27/2014 1 Agenda What is Virtualization? Types of Virtualization. Advantages and Disadvantages. Virtualization software Hyper V What is Virtualization? Virtualization Refers to

More information

Protecting Data at Rest with Vormetric Data Security Expert

Protecting Data at Rest with Vormetric Data Security Expert V O R M E T R I C W H I T E P A P E R Protecting Data at Rest with Vormetric Data Security Expert Deploying Encryption and Access Control to Protect Stored Data Across the Enterprise Enterprise Information

More information

VMware Backup and Recovery: What They Don t Tell You

VMware Backup and Recovery: What They Don t Tell You : What They Don t Tell You VMware Backup and Recovery: What They Don t Tell You Table of Contents Introduction 3 ESX Server and Virtual Machine Backup Basics 4 VM Backup Methodology Alternatives 5 1. Backup

More information

Managing, Maintaining Data in a Virtual World

Managing, Maintaining Data in a Virtual World Moving, ed.harnish@acronis.com Ed Acronis Harnish, Inc. VP Managing, Maintaining Data in a Virtual World BR The VM, Console DR and & Archiving and Recovery Operating Recovery Strategies System Agenda High

More information

Acronis Backup 12 Beta

Acronis Backup 12 Beta Acronis Backup 12 Beta EVALUATION GUIDE Table of contents 1 Introduction...3 2 What's new in version 12...4 3 Joining the Beta program...6 4 On-premise vs. cloud deployment...7 5 Evaluation scenarios...8

More information

Citrix XenDesktop Backups with Xen & Now by SEP

Citrix XenDesktop Backups with Xen & Now by SEP Citrix XenDesktop Backups with Xen & Now by SEP WWW.SEPUSA.COM Table of Contents INTRODUCTIONANDOVERVIEW...3 CITRIXXENDESKTOPENVIRONMENT...4 CITRIXDESKTOPDELIVERYCONTROLLERBACKUP...5 CITRIXLICENSESERVERBACKUP...5

More information

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps

HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps WHITE PAPER HyTrust Logging Solution Brief: Gain Virtualization Compliance by Filling Log Data Gaps Summary Summary Compliance with PCI, HIPAA, FISMA, EU, and other regulations is as critical in virtualized

More information

Total Cloud Protection

Total Cloud Protection Total Cloud Protection Data Center and Cloud Security Security for Your Unique Cloud Infrastructure A Trend Micro White Paper August 2011 I. INTRODUCTION Many businesses are looking to the cloud for increased

More information

EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter

EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, Symmetrix Management Console, and VMware vcenter Converter EMC Virtual Infrastructure for SAP Enabled by EMC Symmetrix with Auto-provisioning Groups, VMware vcenter Converter A Detailed Review EMC Information Infrastructure Solutions Abstract This white paper

More information

Complying with PCI Data Security

Complying with PCI Data Security Complying with PCI Data Security Solution BRIEF Retailers, financial institutions, data processors, and any other vendors that manage credit card holder data today must adhere to strict policies for ensuring

More information